malwarewikiaorg-20200223-history
Kernel panic
Blue Screen of Death '''(also known as a '''Blue Screen, BSoD, '''or Death Screen') is an error screen. It is displayed on a Microsoft Windows computer system after it detects a fatal system error, loss of stability, or when it is filled with malware. It is also known as a system crash. That happens when the operating system reaches a condition where it can no longer operate safely. A related problem to this on console machines though not necessarily on a screen is the Red Ring of Death (RRoD) on Xbox or Blue Light of Death (BLoD) on Playstation. Many versions of Windows have had these screens since the start. Its Mac counterpart is the Mac Kernel Panic, and the Linux counterpart is the Linux Kernel Panic. Mac and Linux use the Kernel Panic as they are Unix-based. Description On Windows Vista, 7, and 8 (but not Windows 8.1 or 10, or XP and lower) if you end the task "csrss.exe" in the Task Manager (accessible by searching it up on your Start Menu, by selecting "Task Manager" in Ctrl+Alt+Del menu) or by going to All Apps > Windows System > Task Manager, you will get a Blue Screen, however it does not do as much damage to you than what's displayed on a regular Blue Screen. Cancelling "csrss.exe" in Task Manager with Windows 8.1 or 10 will hang the system only. Deleting System32 will not give you a Blue Screen, but will rather delete Windows, but deleting a few files such as user32.dll, csrss.exe, or winlogon.exe will cause a Blue Screen, even during startup. Often a Blue Screen appears after a virus destroys a critical file that is required to run Windows, or if your system is unstable and crashes. There are also some viruses which are using fake Blue Screens as their payload, including: BSOD, Smash, Prizm, and Gollum. Removal Should one get the Blue Screen of Death, it is advised to enter Safe Mode, which is accessible in the boot menu, or the "Troubleshoot" tab. After a Blue Screen upon reboot, it will tell you that "Windows has not shut down properly", and then you can recover your computer or start Windows normally. However it may not always work, and there is a small and very unlikely chance you could get a Blue Screen during your recovery phase. You will then go through the recovery stage again after. Then you should run an antivirus scan or anything else that can possibly fix problems to make sure no malware will cause another Blue Screen. If the Blue Screen can not be fixed, you should get help on a tech support website or get it fixed at a tech store. History and Death Screens 'Windows' Windows 1.0 and 2.0 Though the Blue Screen did not officially appear in Windows 1.0 and 2.0, something similar did appear. It was a screen that would appear at startup. It would start with "Incorrect DOS version" below the copyright of the startup logo before printing strange text and symbols, making it not very useful for users. It also makes multiple beeps while the random text is being typed out. It would either load the OS successfully, return back to DOS, or just load the OS full of white bars, forcing the user to reboot if the latter occurs. It often appears if the startup encounters problems, such as if the OS is installed on a version higher than MS-DOS 5.0 and the server was not used. A fail of boot would show the blue screen for the boot and when booted, corrupts the system. Regular crashes would halt the system. Also, the C:\con\con "trick" does not work here - it would say it could not find "con.exe". Windows 3.x Windows 3.0 did not feature a Blue Screen; a crash would simply halt and hang the system and show no death screen. Windows 3.1, however, featured an unofficial Blue Screen, which was the warning message via Ctrl+Alt+Del, which was the Task Manager. It would read that the user tried to end a process when there is none open. It allows any key to continue in Windows, and does no damage. If a process was unresponsive and Ctrl+Alt+Del was used, the Blue Screen would read that the process is not responding and allow the user to kill the process or reboot. Running C:\con\con will crash the system. However, this crash would still hang the system. The Gollum joke virus would place a Blue Screen at startup on a certain date, which would read a Hobbit quote. This Blue Screen does not do any lasting damage. ''White Window of Death This death screen appears on Windows 3.1 or anything on the Windows 9x family. It appears when your Windows Explorer (explorer.exe) is corrupted, if your computer runs out of memory to do even the most basic functions and commands, or if in Windows 3.1, an application performs an illegal action. If explorer.exe fails to load it tells you to reinstall Windows if you get this death screen, if it is given from memory, it will tell you to close programs, and if given from illegal action, clicking OK terminates the program. Windows 9x Windows 9x (95, 98, and ME) Blue Screen resembles the Task Manager warning screens in Windows 3.1. Windows 95 is the first version of Windows to have an official Blue Screen. This Blue Screen now shows the cause of the error, and either allow a Ctrl+Alt+Del reboot or to continue in Windows with a single keystroke. However, going back into Windows usually rendered the OS unstable until reboot. A notorious Blue Screen occurrence in Windows 9x occurred when Bill Gates plugged a scanner to a demo Windows 98 PC during the Windows 98 Release Candidate launch, only to later crash. It can be seen here. Another way to automatically activate a Blue Screen in Windows 95 and 98 without an update that patches this is to run the following in Run: C:\con\con. The other keys works instead of just "con": *AUX *PRN *CLOCK$ *NUL *A: - Z: *COM1 - COM9 *LPT1 - LPT9 *DEV (sometimes) The 'con' issue is not present in Windows ME. Many "Windows Codename Millennium" (Windows ME beta) versions had many different issues that caused different Blue Screens. Shutting down in Safe Mode can show a "Windows Protection Error" Blue Screen, which would regularly occur during startup. Sometimes, shutting down would show a "It is now safe to shut down" Blue Screen if it did not support drivers. Prizm and Smash were some viruses that made fake Blue Screens in this version. The Blue Screen virus also made a fake Blue Screen, though it does not resemble the one in the real Windows 9x. System is Busy Screen There is a Blue Screen that can appear on Windows 98, that can appear when a user attempts to close an unresponsive program. Windows NT 3.x and 4.0 Windows NT 3.1 - 4.0's Blue Screen features the most descriptive Blue Screen, featuring many files shown, the error, the OS build, addresses, and some instructions about it. Early betas of Windows NT 5.0 and Windows 2000 betas also featured this Blue Screen before undergoing changes in later betas. On up to Windows XP, there is a program exploit that can terminate "csrss.exe" and cause a Blue Screen. The code below will crash the computer as long an new service pack is not installed on the computer (this issue always occur on NT 4.0 and under): #include int main (void) { while (1) printf ("\t\t\b\b\b\b\b\b"); return 0; } More info can be seen here. This issue is not present in Windows 9x and is patched in Windows Vista and up. Windows 2000 The Blue Screen is now not as much descriptive, but much more simple and resembles the Windows XP Blue Screen. It would feature the code, error, and instructions. On this version onwards, the Ctrl+Scroll twice registry entry can crash the computer if the keyboard is PS/2 if it is manually added. Any Blue Screen message that is simplified heavily on Windows XP-7 (like STOP c000021a) still keep the instructions on Windows 2000 (the only exception are Hardware Malfunction Blue Screens). This Blue Screen is also present in early Whistler (XP beta) builds. Windows CE Windows Embedded CE featured Blue Screens, which resembled Windows XP's but with an auto-reboot timer at 30 seconds, and it lacked instructions. A Ctrl+Alt+Del could reboot the PC, similar to Windows 3.1's and 9x's. Pocket PC did not have this Blue Screen. Black Screen of Death This death screen (also known as BkSoD) appears on Windows during boot-up failures, usually due to missing files. If you get this death screen, your computer will not be able to boot up, even in safe mode. However, you can usually fix it by booting into a different device and decompressing certain files. Red Screen of Death This death screen appears on Windows 98, beta versions of Windows Vista and PS2. It is not an official death screen, but it appears when the ACPI encounters an error on Windows 98 or when Windows fails to load on Windows Vista. But that RSOD is NOT from Windows Vista, it was from Windows Longhorn (aka Windows Vista Beta) It is in a way resembles the Windows 9x Blue Screen on Windows 98, except red in color, and on Windows Vista, might be an early version of the Windows Boot Manager. On the actual windows vista and 7, it would show a black screen with a little more detail and moved a bit. On Windows 98, any keystroke went back into Windows. Windows XP, Vista, and 7 Windows XP makes another change on the Blue Screen. The font is now different, and is bigger, and still resembles the one in Windows 2000, except the error and its code is moved around. In Windows Vista, 7, and 8, if you open Task Manager and end the process "csrss.exe" (which is the Client/Server Runtime Subsystem, which the OS runs on top on), it will result in an immediate Blue Screen, however it is not harmful unless all unsaved work was lost or if startup files were corrupted. It is also possible in Windows XP, but cannot be done without software as Task Manager prevents csrss.exe from being killed normally. ReactOS, an attempt to be a free and open-source version of Windows NT, also has a Blue Screen. It is exactly the same as the one in Windows XP - 7, but the word "Windows" in "A problem has been detected and Windows has been shutdown to prevent damage to your computer." is now "ReactOS" for the operating system. Early Windows 8 builds featured this before making a major change. Windows 8 Beta Only on some betas of Windows 8, the Blue Screen was black. This one also does not contain the sad emoticon in the final release for Windows 8, though it still contains the error code/name and collects data before restarting. Windows 8, 8.1, and 10 This is likely the final change to the Blue Screen, and it now features a sad emoticon on the Blue Screen. This one is much easier to read and use, though it is less descriptive than the others. In later betas of Windows 8, the text said "Your PC ran into a problem it couldn't handle and now it needs to restart" instead of just "Your PC ran into a problem and needs to restart". On Build 8056, the Blue Screen was black instead of blue, but the text is the same as the earlier with a sad emoticon. In an update for Windows 10, known as The Anniversary Update (build 14393), more was added to it, including a QR code and adding more text saying to visit http://windows.com/stopcode to learn more. Also, the stop error is moved down and the line with it now says "If you call a support person give them this info: Stop code: *stop code*". However, the QR code will always redirect to http://windows.com/stopcode, regardless of the error. On Windows 8.1 and 10, the csrss.exe killing no longer triggered a Blue Screen; it will simply hang the system instead (any playing sound will still loop, but the screen will still stay there with no blue screen). However, killing csrss.exe and getting a Blue Screen will still work on Windows 8. To get a Blue Screen in Windows 8.1 or Windows 10, the DCOM Server Process Launcher system process must be terminated instead. Terminating the DCOM Server Process Launcher may work on Windows 8, but on Windows 7 or below, it does not cause a Blue Screen, but reboots the computer after 1 minute. Green Screen of Death On Windows Insider builds of Windows 10, the death screen was changed to a green colour, thus making it easier to identify an error in a preview build rather than a stable build of Windows 10. 'Other Operating Systems/Situations' Linux Kernel Panic This is a Linux counterpart of the Blue Screen of Death. It is black and looks like a boot-up menu. Mac Kernel Panic This is a Mac counterpart of the Blue Screen of Death. This includes the Sad Mac, the Bomb, and etc. It also has a "power" symbol in the middle. Before Mac OSX 10.2, the Kernel Panic was not as simplified and looked much like the Linux Kernel Panic. This can also appear in iDevices, more commonly in jailbroken devices or iPhone 3rd generation. iPhone 5S Blue Screen Not much is known about this iOS Blue Screen, but it is presumed to be a kernel panic. It is unknown about how this is obtained on your phone, but it can be fixed with a manual restart. Chrome OS Blue Screen It is found in Cr-48 developer mode by typing "xyzzy" into the boot manager. This was an intended "Easter Egg" and was a mock up of the Windows NT 4.0 Blue Screen as it was incredibly similar in appearance except in a slightly lighter shade of blue, with random files like "bowser.sys". Virtual Machine Guru Meditation It happens when virtual machines have too many problems to handle themselves, in which they just shut down instantly. It usually appears when the host of a VM has too much RAM used, while the VM needs more free RAM. It is currently unknown if it can appear in other conditions. Sad iPod Death Screen This appears if damage occurs to the hardware or firmware, such as deletion of system files. This death screen will not appear on newer generation iPods. Red Ring of Death This is not necessarily a death screen per se, but this appears on the Xbox 360 if it experiences a problem, most notably the "general hardware failure" problem. ''Google Malware Screen'' On Google Chrome this death screen appears when you visit a malicious site in which Google blocks you from entering the dangerous site due to malware being detected on said website. Impersonation by Malware A dangerous version of the screen was created under a fake Microsoft Security Essentials installer made by Hicurdismos and appeared in October 2016. Whereas, this scam deceives users into believing that their computers crashed with the error and can call using the phone number to get the error fixed. Calling through the fraudulent phone provided on this screen would risk into losing credit card and/or other damages. Hicurdismos scam Sources * https://msdn.microsoft.com/en-us/library/hh994433.aspx * https://technet.microsoft.com/en- * us/sysinternals/bb897558.aspx * https://en.wikipedia.org/wiki/Screen_of_death * https://lagittncomputercentral.wordpress.com/2015/09/05/screen-of-death/ * https://en.wikipedia.org/wiki/Blue_Screen_of_Death * https://en.wikipedia.org/wiki/Kernel_panic * https://discussions.apple.com/thread/177176?start=0 * https://en.wikipedia.org/wiki/Glossary_of_video_game_terms#Kill_screen * http://askubuntu.com/questions/35722/what-is-kernel-panic * http://www.howtogeek.com/163452/everything-you-need-to-know-about-the-blue-screen-of-death/ * http://answers.microsoft.com/en-us/windows/wiki/windows_10-update/blue-screen-of-death-Blue Screen/1939df35-283f-4830-a4dd-e95ee5d8669d * https://en.wikipedia.org/wiki/Fatal_system_error * https://support.apple.com/en-ca/HT200553 * http://www.gamespot.com/forums/pc-mac-linux-society-1000004/viruses-on-gaming-consoles-28421117/ * https://discussions.apple.com/thread/5727959?tstart=0 * https://en.wikipedia.org/wiki/Black_Screen_of_Death * https://www.youtube.com/watch?v=TdTZzE6cizo * http://www.computerhope.com/issues/ch001141.htm * http://windows.microsoft.com/en-ca/windows7/resolving-stop-blue-screen-errors-in-windows-7 * http://www.cnet.com/news/cr-48s-chrome-os-easter-egg-blue-screen-of-snark/ * https://forums.freebsd.org/threads/56682/ * http://www.theverge.com/2016/4/12/11412906/microsoft-windows-10-blue-screen-of-death-qr-code * http://unix.stackexchange.com/questions/60574/determining-cause-of-linux-kernel-panic it:Schermata blu di errore Category:Operating systems Category:Fundamental concept Category:Win32 Category:Linux Category:MacOS Category:Microsoft Windows Category:Win9x Category:Mobile Malware Category:BSOD program Category:Win16 Category:Win64 Category:BSD Category:Solaris Category:Game Console Category:IOS Category:Android Category:ChromeOS Category:PalmOS